俄羅斯黑客竊取全球12億用戶信息

俄羅斯黑客團伙竊取了12億用戶名和密碼，這些屬于5億多個電子郵件地址,來自與一家專門從事發(fā)現(xiàn)漏洞叫Hold Security的美國公司稱。
Hold Security將此次描述為“這是有史以來規(guī)模最大的已知的互聯(lián)網(wǎng)信息失竊案件”。
稱被盜信息來自超過420000個網(wǎng)站,包括“全世界幾乎所有行業(yè)的領(lǐng)軍企業(yè)”。
Hold Security 沒有透露受到黑客影響的公司具體細節(jié)。（更多全球資訊請登錄中國進出口網(wǎng)）
“他們目標(biāo)不只是大公司,相反,他們有針對的對受害者所訪的每個網(wǎng)站,“Hold Security在其報告中表示。
“成千上萬的網(wǎng)站受到影響,包括許多世界各地幾乎所有行業(yè)的領(lǐng)軍企業(yè)，,以及眾多小型甚至個人網(wǎng)站。”
這些數(shù)據(jù)庫被用來攻擊電子郵件提供者,社會媒體和在其他網(wǎng)站向受害者發(fā)布垃圾郵件和在其他合法的系統(tǒng)上安裝惡意插件”
《紐約時報》首先報道發(fā)現(xiàn),一個不隸屬于Hold Security的安全專家分析了被盜數(shù)據(jù)庫憑證,確認這一消息屬實”。
“另一個計算機犯罪專家曾回顧了數(shù)據(jù),但不允許公開討論這個問題,因為說是一些大公司意識到,他們的記錄是在被盜信息里面,”該報稱。
該報補充說:“Hold Security不會指出受害公司名字，引用保密協(xié)議和不愿提到名字的公司網(wǎng)站仍然是脆弱的。”
多管齊下的攻擊?
Hold Security,此前報道了關(guān)于黑客對Adobe和的Target的攻擊,并說說花了7個多月的研究才發(fā)現(xiàn)最新的攻擊內(nèi)容。
該公司聲稱該團伙最初獲得的數(shù)據(jù)庫來自于黑市上黑客手。
這些數(shù)據(jù)庫被用來攻擊電子郵件提供者,社會媒體和在其他網(wǎng)站向受害者發(fā)布垃圾郵件和在其他合法的系統(tǒng)上安裝惡意插件”Hold Security 提到。
黑客也從僵尸網(wǎng)絡(luò)獲取訪問數(shù)據(jù)——感染惡意軟件的計算機引起別的計算機感染。
Hold Security說僵尸網(wǎng)絡(luò)幫助黑客組織——它被稱為CyberVor識別超過400000個網(wǎng)站,這些仍易受到網(wǎng)絡(luò)攻擊。
“CyberVors利用這些漏洞從這些網(wǎng)站的數(shù)據(jù)庫竊取數(shù)據(jù),”該公司說。

“我們所知,他們大多集中于盜竊信息,最終結(jié)局是總計被盜超過12億電子郵件和密碼的最大個人信息緩存的數(shù)據(jù)。” （更多全球資訊請登錄中國進出口網(wǎng)） 
Russia gang hacks 1.2 billion usernames and passwords
The group is alleged to have stolen credentials from hundreds of thousands of websites globally
A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security - a US firm specialising in discovering breaches.
Hold Security described the hack as the "largest data breach known to date".
It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

Hold Security did not give details of the companies affected by the hack.
"They didn't just target large companies; instead, they targeted every site that their victims visited," Hold Security said in its report.
"With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."
These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems”
Hold Security （更多全球資訊請登錄中國進出口網(wǎng)） 
The New York Times, which first reported the findings, said that on its request "a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic".
"Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information," the paper said.
The paper added: "Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable."
Multi-pronged attack?
Hold Security, which has previously reported about hacks on Adobe and Target, said it took more than seven months of research to discover the extent of the latest hack.
The firm claimed the gang initially acquired databases of stolen credentials from fellow hackers on the black market.
"These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems," Hold Security said.
The hackers also got access to data from botnets - a network of computers infected with malware to trigger online fraud. （更多全球資訊請登錄中國進出口網(wǎng)） 
Hold Security said the botnets helped the hacking group - which it dubbed CyberVor - identify more than 400,000 websites that were vulnerable to cyber attacks.
"The CyberVors used these vulnerabilities to steal data from these sites' databases," the firm said.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."